Google dings missive to lawmakers: 'We're misunderstood'

Chocolate Factory promises it's not locking your privates in a vice

5. Please explain Google’s practices regarding the archiving of user information, and how this will change once its new privacy policy is in place.

The updated Privacy Policy does not materially change our archiving or deletion practices.

(a.) Does Google offer users the option to permanently delete their personal information from its archives? If not, why not?

We make good-faith efforts to provide our users with access to their personal information and to delete such data at their request, if it is not otherwise required to be retained by law or for legitimate business purposes. The current archiving system was originally built to be highly reliable for data retention in order to prevent data loss in case of failures, which must be balanced against deletion requests.

After receiving a deletion request from a user, archived copies will expire and the archival system has mechanisms to subsequently overwrite expired archived data. Data may be retained for a number of reasons, such as when required for legal compliance.

(b.) Please describe the technical challenges faced when responding to users’ requests for deletion of data. How long does it take for data to actually be removed?

As is described above, immediate deletion is not always practicable due to the way the archiving system operates. Also, other considerations such as legal requirements may impair our ability to immediately process a deletion request. However, Google has processes in place to remove user data from active serving systems within a reasonable period of time after a user asks us to close his or her Google Account. Various Google services adhere to different deletion guidelines.

(c.) Does Google store or permanently delete user information once a user closes or deletes his or her Gmail account or Google+ account?

When a Google account is closed, Gmail and Google+ have processes in place to remove account data from Google’s active serving systems within a reasonable period of time.

(d.) If Google retains information from deleted accounts, how long is it archived and for what purpose?

The data is archived on tapes to ensure data recovery in case of failures. Retention periods for archived data vary depending on data source, technology type, and business requirements. Retention can be for a set period (such as 60 days) or for the life of the storage medium.

6. According to an article in The Washington Post, “Consumers won’t be able to opt-out of the changes, which will take effect March 1.” Please explain if consumers will have the option to opt-out of any data collection, usage practices, and information sharing between Google’s many services, including Gmail, Google Search, and YouTube. If so, how can a consumer make this request successfully? If not, why not?

If people continue to use Google services after March 1, they’ll be doing so under the updated privacy policy. The use of a primary privacy policy that covers many products and enables the sharing of data between them is an industry standard approach adopted by companies such as Microsoft, Facebook, Yahoo!, and Apple.

It’s also important to remember that even after the changes, users will still be able to use many of our products – such as Google Search and YouTube – without logging into their Google Account or creating one in the first place.

We will continue to develop new product features in line with our privacy principles, including being transparent about our practices and providing users with clear choices about how their data is used across our services.

For example, users who log in can use the search history settings to edit or delete their search history or turn off the product entirely. These types of tools give users clear choice if they don’t want to combine information from their search history with other information in their Google account under the updated privacy policy, consistent with our longstanding commitment to user control.

Other privacy controls that offers users choices about how data is used include:

Google Dashboard, which shows what information is stored in your Google Account and allows you to edit that information; Google’s Ads Preferences Manager, which allows you to view and edit the information we use to show you personalised ads, or to turn off ads personalisation entirely, on those partners’ sites, Gmail and search; and "Off-the-record" chat in Gmail, if you don’t want your instant message conversations archived; Incognito browsing in the Chrome browser, which lets you surf the web in stealth mode; and Session-wide SSL encryption in Gmail and search results for signed-in users by default, which helps protect your email and search results from being snooped on by others using your Internet connection (like a WiFi hotspot).

In addition, users can set up multiple accounts to manage multiple identities, move data between those accounts with Data Liberation tools, and prevent information from one account being used to personalise another account. If Jane wants to use Google Docs and keep that separate from her personal Google+ account, she may create a work_jane@gmail.com account that she uses for Docs, and a personal_jane@gmail.com account that she uses for sharing on Google+.

7. Does Google plan to offer distinct privacy protections for children and teens?

We are deeply committed to protecting the privacy of all of our users in their online activities, and especially to ensuring that teenagers enjoy appropriate privacy protections online.

Our services are intended for general audiences and are not directed at children. We do not allow consumers to sign-up for a Google account if they indicate that they are under the age of 13. We have invested significant resources in developing tools that enable teens to have a safe and positive experience while using Google services. More generally, we offer industry-leading tools that let parents protect their family’s privacy and safety.

For example, we have built a number of features into Google+ that protect teenagers’ privacy and enable them to have an age-appropriate experience while letting them to build meaningful connections online.

We provide teens with in-product guidance about how to protect their privacy, set default privacy controls for teen accounts to more conservative settings, and offer educational resources specifically designed for teenage users. When teens try to share content outside of their private circles, we provide an in-product notification encouraging them to think before they post. Google+ gives users control over who can contact them online, and by default, only those in a teen’s circles can communicate with that teen.

Furthermore, a teenager can with a couple of clicks block someone from communicating with him or her. If a teenager is using the Hangouts feature in Google+ to do a live multi-person video chat and a stranger outside of a teen’s circles joins the Hangout, we temporarily remove the young adult and give him or her a chance to rejoin.

We also provide expanded abuse reporting functionality across Google+ to give teens powerful tools to maintain positive interactions. Finally, the Google+ Safety Center offers educational resources that describe these tools in more detail and explains how teens can protect their privacy and safety online, including resources such as a Google+ Teen Safety Guide, a Parent's Guide to Google+, and other tips and advice from child safety organisations.

More generally, Google offers users tools to control how the information they post is shared with other users. For example, a user can set a YouTube video to private so that it is only shared with specified people. Sharing controls across Google products puts users in control of what content they share online, including photos, personal blogs, and profile information, by allowing them to share this content with as many or as few people as they choose.

Other tools that Google offers to enable families to protect their privacy and safety online include: our SafeSearch feature for web search that parents can use to filter sexually explicit images and text in search results, YouTube Safety mode that allows users to exercise control to avoid exposure to potentially objectionable video content, and reporting tools to enforce community standards across our products.

In addition to developing tools to empower our users to protect their privacy online, we invest significant resources in providing educational initiatives to promote awareness about online privacy and safety, and in collaborating with industry and law enforcement partners on additional safety initiatives to protect children. We would be happy to provide you with additional information about these efforts at your request.

8. Please explain exactly how a user of an Android Phone will be affected by Google’s new policy. Is there any ability for users to opt-out, other than not purchasing and using an Android phone? How will Google’s new policy affect users who do not use an Android phone but automatically stay logged into their Gmail accounts on their phones?

Our updated privacy policy, like the prior versions, covers users signed into their Google Accounts on Android phones just as it does users signed into their Google Accounts from a desktop computer. So the change will not have any significant impact on users of Android phones, and we are not collecting any new or additional data about Android users in connection with this change.

Users can choose not to log into an Android phone with a Google Account and still use it to place phone calls, send text messages, browse the web and use certain Google applications that do not require account authentication such as Google Maps. Some Google applications such as Android Market and Gmail require authentication with a Google Account.

9. How does Google plan to be open and transparent with its users concerning its new privacy policy?

We are conducting the most extensive user notification effort in Google’s history. On January 24, 2012, we began notifying users, including those who use our products without Google Accounts, about the changes. This will continue even after the updated Privacy Policy takes effect March 1.

Our notification methods include emails to our users; a promotion on Google.com; in-product notices on properties such as Google Maps, Google News, YouTube and mobile search; a "New" icon beside the Privacy link on many Google pages; an interstitial when users sign into their Google Accounts both on computers and mobile devices; an updated website, www.google.com/policies, that explains the changes and the benefits to users; and a post on the Official Google Blog.

We also are displaying our current privacy policy as well as the updated privacy policy so users can read and compare both documents.

10. Which Google products, features, and services on Google or third party devices and websites are subject to the new main privacy policy? Which are not? For each, please explain why each of these products were included or excluded from the new pain privacy policy. For each, describe any changes under the new policy in the ways that data is allowed to be collected or shared (regardless of whether Google does or does not plan on making any immediate operational changes to data collection and sharing on these products, features, devices, or services).

The updated main privacy policy applies to all relevant Google products, features and services with the following limited exceptions. We’re maintaining three product-specific privacy notices, linked to from the main Privacy Policy: Google Wallet, Google Books and Chrome.

Google Wallet is a financial service and therefore regulated by industry-specific privacy laws that require detailed descriptions of our practices. For Chrome and Books, we wanted to explain our privacy practices specific to those products in more detail without cluttering up the main Privacy Policy.

In addition, we are currently keeping the following standalone privacy policies or notices, some of which are carried over from recent acquisitions (which are identified with an asterisk after the name), and others which require their own separate privacy policies due to legal requirements or contractual commitments: AdMob*, BeatThatQuote, CleverSense*, Google Jobs, Google Health, InviteMedia*, Location Services in Firefox, reCAPTCHA, Teracent*, The Dealmap*, and Zagat*.

11. What are the names of all of the Google products and services? For each product, are you able to use that product without logging in?

Users don’t need to log in to use many of our products and services including Search, Maps and YouTube.

Also, though not included on that page, Chrome OS and Android may be used without signing into a Google account.

For many of our products and services, additional functionality is enabled when the user signs in to his or her Google account. Furthermore, when users do log in, we give them ways to control how the information in their account is used. For example, they can use the Google Dashboard to see and control what information we associate with their account. They can also turn off search personalisation, turn off or edit their search history, turn their Gmail chats to "off the record" and use the Ads Preferences Manager to control how ads are tailored to them.